Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Verify TOTP Technical Overview



Data model

data-model page anchor

The data model does not require any PII (such as phone or email).

Verify TOTP data model.

  • Service : an organization or environment (e.g. stage, prod). Contains configurations for all verification methods available through the Verify platform (SMS OTP, Voice OTP, Email OTP, Push Verification, TOTP). A Twilio [sub]account can have multiple Services. Each Service contains multiple Entities that are not shared across Services.
  • Entity : a user or other identity that needs verification. An Entity can contain multiple Factors.
  • Factor : a verification method, which involves an exchange of secrets via a communication channel. For factor_type totp , which follows the RFC-6238(link takes you to an external page) algorithm, the Factor contains the seed (Binding.Secret) that is used to generate the TOTP. A Factor contains multiple Challenges.
  • Challenge : a single verification attempt of an Entity using a Factor. A single Factor has multiple Challenges.

Verify TOTP involves two main sequences that are shown in the diagrams below:

  1. Register a user by generating a unique TOTP seed and verify that they've correctly added it to their Authenticator App for generating TOTP codes.
  2. Verify a user by verifying that the TOTP code they've provided matches the TOTP code generated by the unique TOTP seed.

Register a user and TOTP seed

register-a-user-and-totp-seed page anchor
register-user-public-docs-sequence-diagram-Verify_TOTP_Sequence_Diagram 4.
verify-user-public-docs-sequence-diagram-Verify_TOTP_Sequence_Diagram 3.

Ready to start building?

ready-to-start-building page anchor

Check out the quickstart for step-by-step instructions.


Rate this page: